Lenovo will be feeling green around the gills following reports of fishy activity taking place on its consumer laptops.
According to posts by users on the company's forum, adware called Superfish has been caught hijacking browsers to inject third-party ads on Google searches and websites without permission.
It apparently does so using self-signed certificates to fool browsers into displaying them. One forum user claimed that the program had intercepted a web connection to their bank, potentially allowing Superfish to collect data without question.
Another, who pledged to return his lurgy-riggen laptop after discovering the adware, described it as, "A blatant man-in-the-middle attack breaking any privacy laws."
Scaling back
In reply to the growing number of posts from disgruntled users, Lenovo administrator Mark Hopkins replied in a separate thread to confirm that Lenovo has removed Superfish from its consumer laptops. The company has also requested that the developer issues a patch to plug the security snafu.
He wrote: "Due to some issues (browser pop up behavior for example), with the Superfish Visual Discovery browser add-on, we have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues.
"As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues."
It's unknown how many Lenovo laptops containing the software are still on the market. TechRadar has contacted Lenovo and Superfish for comment.
No comments:
Post a Comment